Virtual Private Networks (VPNs) enable secure, encrypted communications between private networks and remote users over public telecommunications networks such as the Internet. Remote users typically establish VPN connections using VPN client software that is closely tied to the operating system (OS) of their devices. Many companies that develop device operating systems do not expose to third-party developers the low-level native OS features (in particular, direct access to the network stack) that a VPN client needs in order to be compatible with, and function properly on, the device OS. Consequently, VPN client software is usually provided by the OS developer and cannot easily be added by third parties.
Client software (both the OS developer's standard client and third-party solutions) usually requires special device privileges to create a VPN connection. To secure communications, VPN clients typically require root access to the device OS and direct access to the native TCP/IP stack and other network communications stacks on the computing device. These restrictions are considered necessary to protect remote devices from malicious programs (viruses, etc.) and to enable secure communications over a notoriously insecure public network such as the Internet.
The dramatic rise in popularity of "smart" mobile devices (phones with access to the Internet) has created demand for VPN communications between these devices and secure private networks. Many of the most popular commercially available devices do not include a VPN client. The VPN clients that do exist typically suffer from reliability issues, significantly drain battery life, are limited to specific infrastructures, and/or offer a poor user experience. Existing alternatives can help but often introduce security issues (e.g., reverse proxies, which terminate the encrypted session outside the private network) or are severely limited in utility.
Traditionally, desktop OS users have had fully privileged (root) authority and have been free to obtain a VPN client from either the OS developer or a third-party developer. Security has since tightened in the desktop space and has been especially restrictive from the start in the mobile device space. As a result, the ability to gain root access and use third-party clients has diminished.
Furthermore, conventional VPN authentication typically involves identifying a user who requests access to the VPN based on a username/password pair, a certificate, or some other form of credential, and then applying an appropriate access control list (ACL) to that user. Some more advanced VPN server/client technologies additionally base the authentication or access decision on the identity of the computing device from which access is requested, so that the same user may receive a different ACL depending on the device used.
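The following is an added example, not code from the original document, showing the authentication flow described above in working form: a user is identified by a salted PBKDF2 password hash, the device is identified by the SHA-256 fingerprint of its client certificate, and an ACL is then selected from the (user group, device posture) pair and evaluated first-match against destination IP/port tuples. The user store, device registry, ACLs and "certificate" byte strings are constructed sample data; a device certificate enrolled to a different user than the one authenticating is treated as a hard failure rather than merely an unmanaged device.

```python
"""Added example (not from the original document): a minimal VPN session
authorizer combining user credentials, device identity and per-posture ACLs.
All users, device fingerprints and ACLs below are constructed sample data."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 100_000


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex-encoded."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed user store. Salts are fixed so the example is deterministic;
# a real store would draw a fresh os.urandom() salt per user.
_ALICE_SALT = b"alice-salt-0001"
_BOB_SALT = b"bob-salt-0002"
USERS = {
    "alice": {"salt": _ALICE_SALT, "hash": _pbkdf2("correct horse battery", _ALICE_SALT), "group": "engineering"},
    "bob": {"salt": _BOB_SALT, "hash": _pbkdf2("hunter2-but-longer", _BOB_SALT), "group": "finance"},
}

# Constructed device certificates: byte strings standing in for DER blobs.
ALICE_LAPTOP_CERT = b"DER:alice-laptop-managed"
BOB_LAPTOP_CERT = b"DER:bob-laptop-managed"
UNKNOWN_CERT = b"DER:random-byod-phone"

# Device registry keyed by certificate fingerprint -> enrolled owner.
MANAGED_DEVICES = {
    cert_fingerprint(ALICE_LAPTOP_CERT): "alice",
    cert_fingerprint(BOB_LAPTOP_CERT): "bob",
}


@dataclass(frozen=True)
class AclRule:
    action: str                          # "allow" or "deny"
    network: ipaddress.IPv4Network
    ports: Optional[frozenset] = None    # None means any port


def rule(action: str, cidr: str, ports=None) -> AclRule:
    return AclRule(action, ipaddress.ip_network(cidr), frozenset(ports) if ports else None)


# First-match ACLs keyed by (group, device posture). An unknown (unmanaged)
# device gets only a narrow, HTTPS-only allowance, or nothing at all.
ACLS = {
    ("engineering", "managed"): [rule("allow", "10.0.0.0/8")],
    ("engineering", "unmanaged"): [rule("allow", "10.1.2.0/24", {443})],
    ("finance", "managed"): [rule("deny", "10.0.0.0/16"), rule("allow", "10.0.0.0/8")],
    ("finance", "unmanaged"): [],
}
DEFAULT_DENY = rule("deny", "0.0.0.0/0")


def authenticate_user(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        _pbkdf2(password, b"dummy-salt")  # same cost for unknown users: no timing oracle
        return False
    return hmac.compare_digest(_pbkdf2(password, record["salt"]), record["hash"])


def classify_device(username: str, cert_der: bytes) -> str:
    """'managed' if enrolled to this user, 'unmanaged' if unknown,
    'mismatch' if enrolled to a different user."""
    owner = MANAGED_DEVICES.get(cert_fingerprint(cert_der))
    if owner is None:
        return "unmanaged"
    return "managed" if owner == username else "mismatch"


def authorize_session(username: str, password: str, cert_der: bytes):
    """Return a session dict carrying the selected ACL, or None if access is refused."""
    if not authenticate_user(username, password):
        return None
    posture = classify_device(username, cert_der)
    if posture == "mismatch":
        return None  # someone else's enrolled device: refuse outright
    group = USERS[username]["group"]
    return {"user": username, "posture": posture, "acl": ACLS[(group, posture)] + [DEFAULT_DENY]}


def is_permitted(session, dst_ip: str, dst_port: int) -> bool:
    """First-match evaluation of the session ACL; fails closed."""
    if session is None:
        return False
    addr = ipaddress.ip_address(dst_ip)
    for r in session["acl"]:
        if addr in r.network and (r.ports is None or dst_port in r.ports):
            return r.action == "allow"
    return False
```

The trailing `DEFAULT_DENY` rule makes every ACL fail closed, and the device check runs only after the password check so that the device registry cannot be probed with guessed usernames alone.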